Iran's nuclear program seems to have been the prime target of one of the Internet's most renowned malworms, Stuxnet. Believed, but never demonstrated, to be the creation of a nation state (with the United States and Israel the heavily favored suspects), Stuxnet was brilliantly designed to selectively target the Siemens control systems used in Iran's nuclear processing.
Admittedly, Siemens SCADA systems used elsewhere were also hit, but those in Iran sustained the most damage by far. This hardly leads anyone to scream "Coincidence!" when Iran turns out to be the target of an even more refined cyberweapon, Flame.
As with Stuxnet, we have Moscow's Kaspersky Lab to thank for first flushing out and describing this new threat. Described by a Kaspersky expert as possibly "the most sophisticated cyber weapon yet unleashed," Flame's main purpose seems to be information theft rather than destruction.
What it shares in common with Stuxnet, according to Kaspersky, is the exploitation of very specific software vulnerabilities, and -- yes -- the geographical trajectory of its targeting, well illustrated by this Kaspersky map:
Again, the focus on Iran is more than striking.
Characterised as a "huge package of modules," Flame can replicate on removable media as well as across local networks. Once introduced:
Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on. All this data is available to the operators through the link to Flame's command-and-control servers.
The ability to record audio is innovative, as is the ability to take screenshots when specific applications are run. Kaspersky is certain, both from the complexity of the toolkit and from the attack vectors, that a nation state is responsible for Flame's creation and release.
Which gets us somewhere or nowhere, depending on how you look at it. For all security expert Richard Clarke's vaunted certainty that the United States was behind Stuxnet, there remains a startling lack of hard evidence. If Flame is indeed the work of a nation state, it's again hard to imagine a more likely culprit than the States, with or without the involvement of Israel. Why would China be so deeply engaged in cyberespionage in the Middle East?
But in this game of smoke and mirrors, who knows? There is, however, a deeper reason for concern -- if you need one. It seems likely that Flame had been in the wild for as much as two to three years before Kaspersky discovered it. What's more, there are multiple variants out there, currently active.
Which brings us to the inevitable question: What other, possibly more sophisticated attack kits are roaming the Internet, as yet unknown to us? Panic mongering? The rule, when it comes to cybersecurity, seems to be that things are always worse than you think they are.
Maybe it's just the "worst cyberattack in history" so far.
By the way, could the Senate please agree on a way to secure the critical infrastructure before everyone starts playing this game?
— Kim Davis , Community Editor, Internet Evolution